2.2Bn Malicious Attacks in Q1 Show a Doubling of Threats in One Year

A staggering 2.2 billion+ malicious attacks on computers and mobile devices were mounted during the first quarter of 2015, which is double the amount detected in Q1 of 2014.

That’s according to Kaspersky Lab’s IT Threat Evolution Report for Q1 of 2015, which called the quarter “monumental” for malware.

Kaspersky said that it repelled 469 million attacks launched from online resources located all over the world, a third (32.8%) more than in Q1 of 2014. And, more than 93 million unique URLs were recognized as malicious by web antivirus, 14.3% more than in Q1 of 2014.

Interestingly, Russia continues to be a nexus for cybe-rcriminal activity. Kaspersky said that 40% of web attacks neutralized by Kaspersky Lab products were carried out using malicious Web resources located in Russia. Last year Russia shared first place with the US, with the two countries accounting for 39% of web attacks between them.

“In the last few years, Kaspersky Lab has observed many advanced cyber-threat actors, appearing to be fluent in many languages, such as Russian, Chinese, English, Korean or Spanish,” said Aleks Gostev, chief security expert in the Kaspersky Lab Global Research and Analysis Team. “ In 2015 we reported on cyber-threats ‘speaking’ Arabic and French, and the question now is ‘who will be next?’”

On the mobile front, threats were in a decline but still considered dangerous. During the quarter, 103,072 new malicious programs for mobile devices were discovered, a 6.6% decline from the amount discovered in Q1 of 2014. However, mobile malware has shown to be evolving toward monetization as malware writers design SMS Trojans, banker Trojans and ransomware Trojans capable of stealing or extorting money and users’ bank data. This category of malware accounted for 23.2% of new mobile threats in Q1 of 2015. Kaspersky Lab also detected 1,527 new mobile banking Trojans, 29% more than in Q1 of 2014.

The report also covered the top threats in the quarter, including what it considers the most sophisticated advanced persistent cyber-espionage threat to date—The Equation Group.

This particular threat actor has surpassed anything known to date in terms of complexity and sophistication of tools, Kaspersky said. It’s been linked to the Stuxnet and Flame super threats; its first known sample dates back to 2002; and it is still active. Among its unique proficiencies is the ability to infect hard drive firmware, use an “interdiction” technique to infect victims, and mimic criminal malware.

Kaspersky Lab also reported Carbanak, the most profitable cyber-criminal operation to date, Desert Falcons, the first known Arabic cyber-espionage group, and attacks by Animal Farm, a French speaking cyber-espionage campaign.

Carbanak opened up a new era of APT-style attacks in the cyber-criminal world. With an estimated 100 financial organizations hit and a total of close to $1 billion stolen directly from banks, Carbanak has become one of the most successful criminal cyber-campaigns of all time.

In addition, while investigating an incident in the Middle East, Kaspersky Lab experts came across the activity of Desert Falcons, the first Arabic speaking group seen conducting full-scale cyber-espionage operations. The group has currently claimed more than 3,000 victims, including political activists and leaders, military and governmental organizations, mass media, financial institutions and other organizations.

And as far as Animal Farm, two of three zero-day vulnerabilities discovered in 2014 by Kaspersky Lab are associated with this advanced threat actor.

“During many years of analyzing malware code we have seen different levels of malicious skills—from the standard pack of backdoors and the exploitation of known vulnerabilities to complex cyber-espionage platforms, or even tools as powerful as those used by the Equation Group,” Gostev said. “What’s special in our job is the discovery of a new threat, one that surpasses anything known before. You think: this is it, the lord of malicious creation. But within months something new is discovered that surpasses the previous discovery. This is how the cyber world works: we are hunting the hunters, who constantly upgrade the tools they use to trick us, but we learn too.”

What’s Hot on Infosecurity Magazine?